Most Discussed

F-Secure: 'Several dozen' malware threats to Mac in 2011

updated 01:40 am EST, Thu January 19, 2012

by MacNN Staff

More than before, but not consummate with growth

The Mac platform saw a modest increase in malware outbreaks in 2011 over years past, but still "a small fraction" when compared to Windows, said security firm F-Secure. It added that while malware attacks were increasing, the rate of increase was not commensurate with the growth of the platform, suggesting that most exploits tend to come from programs rather than flaws in the OS itself. In all, the company identified 58 separate threats in 2011, most stemming from a handful of vulnerabilities.

According to the report, trojans were the most popular form of attack with 28 variants, with backdoor exploits comprising another 15. The company did not say how many malware attacks had been seen in previous years, nor did it specify the exact number of Windows malware attacks for comparison.

Threats to the Mac appeared most frequently in June and October, and fell off to nearly none in late summer. This year was notable for the more extensive coverage given to malware threats, including the MacDefender "anti-virus" malware that made headlines over its fairly successful "social engineering" trick of masquerading as a preventative to threats.

The MacDefender malware prompted Apple to begin putting automatic malware protection definitions into OS X (which are silently updated on a routine basis). The malware was "killed off" when Russian authorities raided the Russian online payment processor ChronoPay that was apparently the home of the attack.

Other malwares have been spotted hiding inside pirated Mac apps, including illegal copies of GraphicConverter 7.4 and iWork. A backdoor threat was found in other pirated Mac software, which called itself a virus but ultimately was unable to do much harm.

This fall, a fake "Flash Installer" offered by some sites tried to steal passwords and take screenshots that were sent to a remote server in hopes of obtaining personal data. A later variant tried to actively disable the built-in Apple malware protections, but like most other malware was largely unsuccessful at accomplishing its programmed goals.

F-Secure, which also sells anti-"virus" and malware software and thus has some self-interest in promoting Mac security, said that it expects "more of the same" pattern of malware attacks in 2012, as hacker try to discover programs with exploits and inject code into them -- the same principle used by jailbreaking software for iOS, though so far the mobile OS has not been affected by any serious threats, unlike its rival Android.

The WebKit engine that powers Safari and other browsers, along with JavaScript and Java, have been identified by researchers like Charlie Miller as a source of such exploits, but recent moves by Apple to "sandbox" apps and processes within apps will make the process of exploiting vulnerabilities harder, experts say.

FUD - Fear, Uncertainty and Doubt - the intentional insidious weapon of advertising for "security" software manufacturers and of politicians. FUD is a form of domestic terrorism. It is allowed to remain legal because politicians need it to survive. It is used by any entity that is void of any intrinsic value; morally wrong by intentionally praying on the weak, and should be banned. I am all for freedom of speech, but this is more akin to yelling fire in a theatre. It is the moral equivalent of placing a bomb in a church. At the very least, our children should be taught how to protect themselves by identifying FUD in text and advertising.

You folks are going off the deep end. Most of us who read MacNN, are advanced users who are wired to understand technology and understand how trojans attacks happen as well knowing how to identify when something is wrong or even smells a little bit fishy. We know exactly (in most cases) what a phishing attack looks like and whether or not a message about not have the right plugin is legit or a trojan waiting to happen. We also know to turn off "Open "safe" files after downloading" within Safari to further protect our Macs.

But you know what folks? We are the top 10% (or less!) of all users of Macs. The great majority of that other 90% are not wired like us and/or as informed and up-to-date about trojan issues on the Mac platform. It is these users who just might need anti-malware software to help them not get caught up in a trojan attack or other type of scam that can be prevented through use of anti-malware. Some users want to know that it safe to forward an email they received to a non-Mac user and not have to be concerned about whether or not they are forwarding an email that is infected with a PC virus to their friend. I do part-time Mac IT work and have had a couple of clients (home users in these cases) who have been conned into downloading a trojan and installing it. They did realize too late they had been tricked when the video they were trying to watch (and told they didn't have the right plugin) STILL wouldn't play after they downloaded and ran the installer. That's why they called me all in a panic insisting I come over right away and clean up their mistake. :-)

So, just because you are Internet savvy, don't let that cloud your judgement that some Mac users do in fact need anti-malware software.

since they back it up with real information. I vaguely recall about 8 malware issues under OS 9.x. They have documented 58, so what is FUD about that?

Whether or not it becomes common for malware to be found on the Mac (MS products aside ;) tomorrow, or in year 2038 or whenever, is not the time to consider whether you want to take some sort of preventive action.

Login Here

Now AAPL Stock: 113.95 ( + 1.83 )

Cirrus creates Lightning-headphone dev kit

Apple supplier Cirrus Logic has introduced a MFi-compliant new development kit for companies interested in using Cirrus' chips to create Lightning-based headphones, which -- regardless of whether rumors about Apple dropping the analog headphone jack in its iPhone this fall -- can offer advantages to music-loving iOS device users. The kit mentions some of the advantages of an all-digital headset or headphone connector, including higher-bitrate support, a more customizable experience, and support for power and data transfer into headphone hardware. Several companies already make Lightning headphones, and Apple has supported the concept since June 2014. http://bit.ly/29giiZj

Share

Developer163d

Apple Store app offers Procreate Pocket

The Apple Store app for iPhone, which periodically rewards users with free app gifts, is now offering the iPhone "Pocket" version of drawing app Procreate for those who have the free Apple Store app until July 28. Users who have redeemed the offer by navigating to the "Stores" tab of the app and swiping past the "iPhone Upgrade Program" banner to the "Procreate" banner have noted that only the limited Pocket (iPhone) version of the app is available free, even if the Apple Store app is installed and the offer redeemed on an iPad. The Pocket version currently sells for $3 on the iOS App Store. [32.4MB]

Share

163d

Porsche adds CarPlay to 2017 Panamera

Porsche has added a fifth model of vehicle to its CarPlay-supported lineup, announcing that the 2017 Panamera -- which will arrive in the US in January -- will include Apple's infotainment technology, and be seen on a giant 12.3-inch touchscreen as part of an all-new Porsche Communication Management system. The luxury sedan starts at $99,900 for the 4S model, and scales up to the Panamera Turbo, which sells for $146,900. Other vehicles that currently support CarPlay include the 2016 911 and the 2017 models of Macan, 718 Boxster, and 718 Cayman. The company did not mention support for Google's corresponding Android Auto in its announcement. http://bit.ly/295ZQ94

Share

Industry163d

Apple employees testing wheelchair features

New features included in the forthcoming watchOS 3 are being tested by Apple retail store employees, including a new activity-tracking feature that has been designed with wheelchair users in mind. The move is slightly unusual in that, while retail employees have previously been used to test pre-release versions of OS X and iOS, this marks the first time they've been included in the otherwise developer-only watchOS betas. The company is said to have gone to great lengths to modify the activity tracker for wheelchair users, including changing the "time to stand" notification to "time to roll" and including two wheelchair-centric workout apps. http://bit.ly/2955JDa

Share

Troubleshooting163d

SanDisk reveals two 256GB microSDXC cards

SanDisk has introduced two 256GB microSDXC cards. Arriving in August for $150, the Ultra microSDXC UHS-I Premium Edition card offers transfer speeds of up to 95MB/s for reading data. The Extreme microSDXC UHS-I card can read at a fast 100MB/s and write at up to 90MB/s, and will be shipping sometime in the fourth quarter for $200. http://bit.ly/294Q1If

Share

Upgrades/storage163d

Apple's third-quarter results due July 26

Apple has advised it will be issuing its third-quarter results on July 26, with a conference call to answer investor and analyst queries about the earnings set to take place later that day. The stream of the call will go live at 2pm PT (5pm ET) via Apple's investor site, with the results themselves expected to be released roughly 30 minutes before the call commences. Apple's guidance for the quarter put revenue at between $41 billion and $43 billion. http://apple.co/1oi1Pbm

Share

Investor164d

Twitter stickers slowly roll out to users

Twitter has introduced "stickers," allowing users to add extra graphical elements to their photos before uploading them to the micro-blogging service. A library of hundreds of accessories, props, and emoji will be available to use as stickers, which can be resized, rotated, and placed anywhere on the photograph. Images with stickers will also become searchable with viewers able to select a sticker to see how others use the same graphic in their own posts. Twitter advises stickers will be rolling out to users over the next few weeks, and will work on both the mobile apps and through the browser. http://bit.ly/29bbwUE